The locks on hotel doors can be affected by simple adjustments to their built-in security software, according to research from one of the largest cybersecurity firms in the world.
An F-Secure team discovered that a software system used in hotels around the world, including many well-known chains, can be hacked to grant tickets to criminals to several rooms.
F-Secure researchers studied the card keys of a wide range of hotels, and discovered that using hardware cost only a few hundred euros. , they could create a tool that allows them to create so-called "master keys" that could elude the protection offered by the Assa Abloy door locks.
The key to the card did not even have to be one that is currently in use, the team said. with some up to five years still allowing access.
The hardware kit used to clone keys involved the scanning of the RFID tag or mag stripe included in a card key, which is then copied by a small device that is then able to generate a hug e number of additional keys in a matter of minutes
The researchers notified Assa Abloy of their findings in April 2017, and since then they have been working with the company's R & D team to correct the failures, with Assa Abloy recently issuing a software update for affected hotels.
"Due to the diligence and willingness of Assa Abloy to address the problems identified by our research, the world of hospitality is now a safer place," says Tomi Tuominen, practice leader of F-Secure Cyber Security Services. "We urge any establishment that uses this software to apply the update as soon as possible."